Published: February 21, 2024

Overview

ConnectWise has published information about two serious vulnerabilities affecting ConnectWise ScreenConnect: an authentication bypass using an alternate path or channel (CWE-288) with a CVSS base score of 10.0, and an improper limitation of a pathname to a restricted directory, i.e. path traversal (CWE-22), with a CVSS base score of 8.4.

Impact

Vulnerabilities in on-premises instances of ConnectWise ScreenConnect could allow an attacker to execute code remotely or to directly access confidential data and critical systems. ScreenConnect servers hosted on the ‘screenconnect.com’ cloud or on ‘hostedrmm.com’ have already been updated by the vendor to remediate the issue.

Applicable Versions

Affected Version                  Updated Version
ScreenConnect 23.9.7 and prior    ScreenConnect 23.9.8

Mitigations and Workarounds

Upgrade on-premises ScreenConnect servers to version 23.9.8 immediately; the vulnerabilities are easy to exploit.
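When triaging a fleet against this advisory, the one thing that goes wrong in practice is comparing version strings lexically ("23.9.10" sorts before "23.9.8" as text). The helper below, an added example that is not Netsurion or ConnectWise code, compares versions numerically against the 23.9.8 fix named above and reports only on-premises servers, since cloud-hosted instances were updated by the vendor. The inventory records and their build numbers are constructed sample data; the version-string format ("major.minor.patch.build") is an assumption about how your inventory reports it.

```python
"""Version triage for the ScreenConnect advisory (added example, not vendor code)."""
from typing import Iterable, List, Tuple

FIXED_VERSION = "23.9.8"  # updated version named in the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '23.9.7.8817' into (23, 9, 7, 8817) so comparison is numeric.

    A plain string comparison is wrong here: "23.9.10" < "23.9.8" as text,
    but 23.9.10 would be the newer build. Anything that is not a dotted
    run of integers is rejected rather than silently treated as patched.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True for 23.9.7 and prior, i.e. anything below the fixed release.

    Tuple comparison handles a trailing build number: (23, 9, 8, 8811) is
    not less than (23, 9, 8), so a patched build with a build suffix passes.
    """
    return parse_version(version) < parse_version(FIXED_VERSION)


# Constructed inventory: (hostname, deployment type, reported version).
# Build numbers are made up for the example.
INVENTORY = [
    ("rmm-onprem-01", "on-prem", "23.9.7.8817"),
    ("rmm-onprem-02", "on-prem", "23.9.8.8811"),
    ("rmm-onprem-03", "on-prem", "22.1.1.7910"),
    ("rmm-cloud-01", "cloud", "23.9.7.8817"),  # vendor-hosted, already remediated
]


def servers_needing_update(inventory: Iterable[Tuple[str, str, str]]) -> List[str]:
    """Return hostnames of on-premises servers still running an affected version."""
    return [
        host
        for host, deployment, version in inventory
        if deployment == "on-prem" and is_affected(version)
    ]


if __name__ == "__main__":
    for host in servers_needing_update(INVENTORY):
        print(f"{host}: upgrade to ScreenConnect {FIXED_VERSION} or later")
```

Feed it whatever your asset inventory exports; the point is that the decision is made on parsed integers and that an unparseable version string fails loudly instead of being reported as safe.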

Best Practices

Subscribe to the vendor’s security advisories and update products as the vendor recommends. Run regular vulnerability scans to detect vulnerable systems in your environment.

Netsurion Detection and Response

Netsurion has updated its threat center with the available IOCs to detect attacks. Netsurion researchers are continuously monitoring exploitation of these vulnerabilities.

Netsurion’s vulnerability management system is collaborating with vendors to update the vulnerability scanners for customers who have subscribed to Netsurion Vulnerability Management.
